Several US federal government agencies and 'several hundred' companies and organizations in the US have been compromised in a global cyberattack leveraging a vulnerability in MOVEit, widely used data transfer software made by Progress Software. Russian cybercriminals associated with the ransomware gang Clop have exploited this vulnerability but have not yet made specific ransom demands of federal agencies. Progress Software identified a second vulnerability in the aftermath, leading to urgent remediation efforts. The Department of Energy confirmed breaches in two of its entities, including Oak Ridge Associated Universities and a contractor related to the Waste Isolation Pilot Plant in New Mexico. Additionally, notable victims such as Johns Hopkins University and Georgia’s state-wide university system have reported potential theft of sensitive data due to the hack. This incident underscores the critical nature of software vulnerabilities and the broad, opportunistic approach of cybercriminals targeting essential services and sensitive information.
Source: https://www.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html
TPRM report: https://scoringcyber.rankiteo.com/company/progress-software
{
"id": "pro304050624",
"linkid": "progress-software",
"type": "Cyber Attack",
"date": "05/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Energy',
'location': 'United States',
'name': 'Department of Energy',
'type': 'Government Agency'},
{'industry': 'Education',
'location': 'United States',
'name': 'Oak Ridge Associated Universities',
'type': 'Educational Institution'},
{'industry': 'Environmental',
'location': 'New Mexico, United States',
'name': 'Waste Isolation Pilot Plant',
'type': 'Government Contractor'},
{'industry': 'Education',
'location': 'United States',
'name': 'Johns Hopkins University',
'type': 'Educational Institution'},
{'industry': 'Education',
'location': 'Georgia, United States',
'name': 'Georgia’s state-wide university system',
'type': 'Educational Institution'}],
'attack_vector': 'Vulnerability Exploitation',
'data_breach': {'type_of_data_compromised': 'Sensitive data'},
'description': 'Several US federal government agencies and several hundred '
'companies and organizations in the US have been compromised '
'in a global cyberattack leveraging a vulnerability in MOVEit, '
'a widely used data transfer software made by Progress '
'Software. Russian cybercriminals, associated with the '
'ransomware gang Clop, have exploited this vulnerability '
'without making specific ransom demands from federal agencies '
'yet. Progress Software identified a second vulnerability in '
'the aftermath, leading to urgent remediation efforts. The '
'Department of Energy confirmed breaches in two of its '
'entities, including Oak Ridge Associated Universities and a '
'contractor related to the Waste Isolation Pilot Plant in New '
'Mexico. Additionally, notable victims like Johns Hopkins '
'University and Georgia’s state-wide university system have '
'reported potential theft of sensitive data due to the hack. '
'This incident underscores the critical nature of software '
'vulnerabilities and the broad, opportunistic approach of '
'cybercriminals targeting essential services and sensitive '
'information.',
'impact': {'data_compromised': 'Sensitive data'},
'initial_access_broker': {'entry_point': 'MOVEit vulnerability'},
'motivation': 'Data theft, opportunistic attack',
'ransomware': {'ransomware_strain': 'Clop'},
'references': [{'source': 'Progress Software'}],
'response': {'containment_measures': 'Urgent remediation efforts'},
'threat_actor': 'Russian cybercriminals associated with the ransomware gang '
'Clop',
'title': 'Global Cyberattack on US Federal Agencies and Companies via MOVEit '
'Vulnerability',
'type': 'Cyberattack',
'vulnerability_exploited': 'MOVEit data transfer software vulnerability'}